This class accesses the validation information of a CGI session, REST/Soap session or batch job:

A boolean which says, if the session (or job) is validated.

Validation System
The name of the system which validated the session (or job): undef, 'nethz', 'shibboleth' or 'vip'.

User Information
Firstname and lastname, username and email address of a validated person.

User Identification
The database ID of the user

Set of Properties
Each session (or job) has a set of properties. Properties define which features of an application are allowed for a session (or job).

Validation Attributes
Validation systems give access to attributes of a user. VIP application should try to give access to resources by checking this attributes on the fly. This avoids permanent registration of simple users on a local database.


  #!/usr/bin/perl -w
  use strict;
  use vars qw($cgi $style $validation);
  use CGIsession;
  use VipStyle;
  use Validation;
  $cgi = CGIsession->connect();
  $style = VipStyle->new( -cgi=>$cgi );
  $validation = Validation->new( -cgi=>$cgi );
  &handle_request() unless $cgi->request_is_redirected( needs_validation=>0 );
  sub handle_request {
      if ( $validation->has_property('is_vegetarian') ) {
          # do things for vegetarians only
      if ($validation->validated) {
          $person_name = $validation->name;    # string firstname lastname
          $email = $validation->email;         # RFC-822 email address
          $username = $validation->username;   # depending on validation system
          $s = $validation->validation_system; # 'vip' 'nethz' or 'shibboleth'
          $nethz_test = ... # see below
          $shibo_test = ...
          my $match = $validation->attribute_check( -nethz => $nethz_test,
                                                    -shibboleth => $shibo_test);


$validation = Validation->new( -cgi => $cgi )
Object constructor. Needs the CGIsession object.

$match = $validation->attribute_check ( -nethz => $expr, -shibboleth => $expr )
Checks is the users validation attributes correspond with the appropriate expression. Validation attributes originate from the validation systems nethz or shibboleth. Each system has different attributes.

At login time, the validation attributes are saved. A script supplies Perl expressions (as strings) to check validation attributes. This expressions are evaluated in the following context:

 package empty;
 use strict;
 use vars qw(%attr);
 %attr = ( attrName1 => 'value1',
           attrName2 => 'value2',
 return EXRESSION;

The expression is syntax checked (and untainted), before it is evaluated. Only a simple expression is allowed. There should be no references to variables other than %attr. I.e. $attr{'attrNameX'} eq 'valueX. This values can be compared with simple constants (strings or numbers) and matched with simple patters: I.e. $attr{'attrNameX'} =~ /perl-regex/.

$rfc_822_string = $validation->email;
$firstname_lastname = $validation->name;
$username = $validation->username;
$username = $validation->user_id;
$string = $validation->validation_system;
$boolean = $validation->validation;
The above methods return information about the validated user or undef if the session (or job) is not validated.

$boolean = $validation->has_property( property );
This method returns whether the session (or job) has a given property.


Copyright 2005-2013 Thedi gerber@id.ethz.ch